Laravel Anypass
, (*1)
, (*2)
Built with :heart: for every "lazy" laravel developer ;)
It is always painful to remember and type in the correct password in the login form while you are in development..., (*3)
It would be nice to be able to login with any password in local environment and only by changing the .env variables(not the application code), switch to: "real password checking"., (*4)
(This means you do not need to change your application code, when you deploy your app to production while you enjoy the ease in local environments.), (*5)
Actually the behaviour of the auth()->attempt($credentials); simply changes based on the config variable in the auth.php and .env file!, (*6)
This package is only a few lines (about 20 lines) of code with almost no overhead., (*7)
It is also completely safe to avoid installing it on production without changing your code. Since it is a dev only dependency in your composer.json file., (*8)
"require-dev": {
"imanghafoori/laravel-anypass": "dev-master",
...
},
Config
To avoid accidental security vulnerabilities, 3 conditions should match before you can login with any password :, (*9)
in your .env file you must:, (*10)
1 - APP_ENV=local // or APP_ENV=testing
2 - APP_DEBUG=true
3 - ANY_PASS=true
4 - WRONG_ANY_PASS=wrong // any password is correct except this one.
That way it is very unlikely to accidentally misconfigure your app to accept any wrong password on production server., (*11)
We highly recommend to take a look to the source code., (*12)
By default, Anypass will only work if the APP_ENV is set to local or testing. You can override this by defining ANY_PASS_ENVIRONMENTS in your .env file, and setting the value to a comma-separated string of environments. For example:, (*13)
ANY_PASS=true
ANY_PASS_ENVIRONMENTS="local,testing,acceptance"
- If you want to manually check the login form behaivour in case of a wrong password in local you can use the "1_Wrong_pass" string. (you CAN enter it in lowercase or uppercase and a combination of both like "1_WrOnG_Pass", and it would be considered as a wrong password.)
:heartbeat: Note
You can not login with an invalid username or an invalid api token. Only the password checking is by-passed., (*14)
:fire: Installation
composer require --dev imanghafoori/laravel-anypass
(For laravel 5.4 and below: Instead of adding the service provider in the config/app.php file, you can add the following code to your app/Providers/AppServiceProvider.php file, within the register() method:, (*15)
public function register()
{
if ($this->app->environment() === 'local' || $this->app->environment() === 'testing') {
$this->app->register(\Imanghafoori\AnyPass\AnyPassServiceProvider::class);
}
// ...
}
:exclamation: Security
If you discover any security related issues, please email imanghafoori1@gmail.com instead of using the issue tracker., (*16)
:star: Your Stars Make Us Do More :star:
As always if you found this package useful and you want to encourage us to maintain and work on it, Please press the star button to declare your willing., (*17)
More from the author:
Laravel Terminator
:gem: A minimal yet powerful package to give you opportunity to refactor your controllers., (*18)
- https://github.com/imanghafoori1/laravel-terminator
:gem: A minimal yet powerful package to give a better structure and caching opportunity for your laravel apps., (*19)
- https://github.com/imanghafoori1/laravel-widgetize
Laravel Master Pass
:gem: A simple package that lets you easily impersonate your users., (*20)
- https://github.com/imanghafoori1/laravel-MasterPass
Laravel HeyMan
:gem: It allows to write exressive and defensive code whcih is decoupled from the rest of your app., (*21)
- https://github.com/imanghafoori1/laravel-heyman
Wallogit.com
